GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More

This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and ...
Techopedia

SpaceX’s Starlink Feuds With Pentagon Over Pricing Ahead of IPO | This Week in IT

Starlink controversy, AI psychosis debates, invisible malware takedowns, and dangerous MCP vulnerabilities dominated this ...
Quanta Magazine

How Terry Tao Became an Evangelist for AI in Math

With automated proof-checkers, a problem can be broken up into small chunks, solved bit-by-bit, then reassembled with ...
decrypt

Hermes Ends AI Agent Terminal Era With Release of Official Desktop App

Add Decrypt as your preferred source to see more of our stories on Google. Nous Research launched Hermes Desktop on June 2 as a native public preview app for macOS, Windows, and Linux Before this ...
InfoWorld

GitHub adds new Copilot features as usage-based billing takes effect

A desktop app and a new collaborative work surface could boost developer productivity, but enterprises will need stronger ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

Build 2026: Microsoft Announces GitHub Copilot App

The GitHub Copilot desktop app is like a central dashboard for managing AI agents and interacting with GitHub.